Exetools


loman 06-03-2004 03:30

How to debug kernel Drivers??
 
hello,
I just want to debug a driver with softice. I've never done it before. Can anyone tell me if I can do it without having source? I know that softice can do it if you've got them, but dunno how to do it without.... Does anyone know if it's possible to hide sice of compuware driverstudio 3.1 (on FTP)? The icedump I found doesn't work for version 4.3.1
Thanks a lot, long life to exetools
loman!

peleon 06-03-2004 15:28

Hi,

When you have the driver loaded you can put in Softice: "driver drivername", then you will see the dispatch routine addresses for that driver. Just set up a BPX on the routine addresses that you are interested in tracing.

Regards.

loman 06-03-2004 16:27

thanks, when I'm at home, I'll try!

ionescu007 06-07-2004 02:32

Hi,

It would also be very useful to have the symbols set up for the driver...it will give you a lot of help..as well as the whole OS symbols, since the driver is likely to call other functions in the kernel.

Best regards,
Alex Ionescu
http://www.relsoft.net

pigman 06-12-2004 12:44

Best way!
 
Best way to debug kernel drivers: install the target OS on VMware,
and install the debugger target components there.

And debug it from the host OS.

I haven't tried WinDbg, but Driver Studio works fine.

fantast_xue 06-13-2004 10:49

I've never made softice work fine with vmware, but windbg was ok. :)

What should I attend to when I use softice under vmware?

WhoCares 06-15-2004 23:04

Don't forget IDA + I2S(IDA2Softice) plug-in if you have no source for your target! :D

loman 06-16-2004 03:44

can you please tell me where to find IDA2Softice??
thanks
loman

WhoCares 06-16-2004 13:39

why not google it? :D

JMI 06-16-2004 14:59

Searching? Nah. That's way too hard. :eek: Especially if one has to go all the way to the main page of Aaron's Home Page. It IS a TOOL site after all.

Regards,

loman 06-16-2004 19:41

I googled it,
hxxp://www.google.com/search?sourceid=navclient&hl=it&ie=UTF-8&oe=UTF-8&q=IDA2Softice

or

hxxp://www.google.com/search?q=i2s+ida&hl=it&ie=UTF-8

but I wasn't able to find it, sorry

WhoCares 06-17-2004 00:42

I2S is written by mostek.

hxxp://mostek.subcultural.com/

JMI 06-17-2004 01:52

loman:

Did you, by any chance READ my post?????????

Aaron has a TOOL SITE associated with this Forum. It's at:

http://www.exetools.com (Well duh!)

On the Home Page is a link to:

"updated disassembler: IDA to SoftIce converter/loader v0.02i - added plugIn for IDA 4.19"

which is linked to "http://mostek.subcultural.com/" where you will find the v0.03 of the software.


Regards,

JMI 06-17-2004 08:36

To Set the Record Straight:

loman PM'ed me to point out he had not understood my original post because of problems with English. I will say here what I said to him in my reply.

I am also sorry that I did not recognize that English was the problem and recognize now that my earlier post was not that clear for a non-English speaking person.

Reversing is difficult enough when done in one's own language and it is much much harder when trying to learn it in some other language. I have great respect for those who try that difficult task and admiration for those who succeed. My apologies to loman for misunderstanding the problem. ;)

Regards,

saurabh 06-18-2004 21:31

Quote:

Originally Posted by loman
hello,
I just want to debug a driver with softice. I've never done it before. Can anyone tell me if I can do it without having source? I know that softice can do it if you've got them, but dunno how to do it without.... Does anyone know if it's possible to hide sice of compuware driverstudio 3.1 (on FTP)? The icedump I found doesn't work for version 4.3.1
Thanks a lot, long life to exetools
loman!

Also, try to get Windows Checked/Debug Build, it will be very helpful IMHO. Microsoft provides the Debug version to MSDN subscribers. I am sure someone on this forum might be having it.

